
Debian Firefox vulnerabilities

1,550 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,550
CISA KEV: 11 (actively exploited)
Public exploits: 39
Exploited in wild: 20
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 42

Vulnerabilities

Page 36 of 78
CVE-2022-26387 | P3 | HIGH | CVSS 7.5 | fixed in firefox 98.0-1 (sid) | 2022
When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
Scope: local; sid: resolved (fixed in 98.0-1)
debian
CVE-2022-22741 | P3 | HIGH | CVSS 7.5 | fixed in firefox 96.0-1 (sid) | 2022
When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Scope: local; sid: resolved (fixed in 96.0-1)
debian
CVE-2024-8383 | P3 | HIGH | CVSS 7.5 | fixed in firefox 130.0-1 (sid) | 2024
Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could r
debian
CVE-2023-4583 | P3 | HIGH | CVSS 7.5 | fixed in firefox 117.0-1 (sid) | 2023
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Scope: local; sid: resolved (
debian
CVE-2023-4051 | P3 | HIGH | CVSS 7.5 | fixed in firefox 116.0-1 (sid) | 2023
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.
Scope: local; sid: resolved (fixed in 116.0-1)
debian
CVE-2026-4726 | P3 | HIGH | CVSS 7.5 | fixed in firefox 149.0-1 (sid) | 2026
Denial-of-service in the XML component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
Scope: local; sid: resolved (fixed in 149.0-1)
debian
CVE-2016-1953 | P3 | HIGH | CVSS 8.8 | fixed in firefox 45.0-1 (sid) | 2016
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors.
Scope: local; sid: resolved (fixed in 45.0-1)
debian
CVE-2016-5264 | P3 | HIGH | CVSS 8.8 | fixed in firefox 48.0-1 (sid) | 2016
Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application.
Scope: local; sid: resolved (fixed in 48.0-1)
debian
CVE-2026-4714 | P3 | HIGH | CVSS 7.5 | fixed in firefox 149.0-1 (sid) | 2026
Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Scope: local; sid: resolved (fixed in 149.0-1)
debian
CVE-2026-4708 | P3 | HIGH | CVSS 7.5 | fixed in firefox 149.0-1 (sid) | 2026
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Scope: local; sid: resolved (fixed in 149.0-1)
debian
CVE-2026-4719 | P3 | HIGH | CVSS 7.5 | fixed in firefox 149.0-1 (sid) | 2026
Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Scope: local; sid: resolved (fixed in 149.0-1)
debian
CVE-2026-4713 | P3 | HIGH | CVSS 7.5 | fixed in firefox 149.0-1 (sid) | 2026
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Scope: local; sid: resolved (fixed in 149.0-1)
debian
CVE-2025-1012 | P3 | HIGH | CVSS 7.5 | fixed in firefox 135.0-1 (sid) | 2025
A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Scope: local; sid: resolved (fixed in 135.0-1)
debian
CVE-2026-4704 | P3 | HIGH | CVSS 7.5 | fixed in firefox 149.0-1 (sid) | 2026
Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Scope: local; sid: resolved (fixed in 149.0-1)
debian
CVE-2024-3853 | P3 | HIGH | CVSS 7.5 | fixed in firefox 125.0.1-1 (sid) | 2024
A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. This vulnerability affects Firefox < 125.
Scope: local; sid: resolved (fixed in 125.0.1-1)
debian
CVE-2026-2803 | P3 | HIGH | CVSS 7.5 | fixed in firefox 148.0-1 (sid) | 2026
Information disclosure, mitigation bypass in the Settings UI component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
Scope: local; sid: resolved (fixed in 148.0-1)
debian
CVE-2025-13025 | P3 | HIGH | CVSS 7.5 | fixed in firefox 145.0-1 (sid) | 2025
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145.
Scope: local; sid: resolved (fixed in 145.0-1)
debian
CVE-2006-2777 | P3 | HIGH | CVSS 7.5 | fixed in firefox 1.5.dfsg+1.5.0.4-1 (sid) | 2006
Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context.
Scope: local; sid: resolved (fixed in 1.5.dfsg+1.5.0.4-1)
debian
CVE-2022-22759 | P3 | CRITICAL | CVSS 9.6 | fixed in firefox 97.0-1 (sid) | 2022
If a document created a sandboxed iframe without `allow-scripts`, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
Scope: local; sid: resolved (fixed in 97.0-1)
debian
CVE-2025-1936 | P3 | HIGH | CVSS 7.3 | fixed in firefox 136.0-1 (sid) | 2025
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability affects Firef
debian